CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-43666 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2021-43666
24 Mar 2022 — A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. Se presenta una vulnerabilidad de denegación de servicio en mbed TLS 3.0.0 y anteriores, en la función mbedtls_pkcs12_derivation cuando la longitud de una contraseña de entrada es 0 Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected. • https://github.com/ARMmbed/mbedtls/issues/5136 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-45450 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2021-45450
21 Dec 2021 — In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. En Mbed TLS versiones anteriores a 2.28.0 y 3.x versiones anteriores a 3.1.0, las funciones psa_cipher_generate_iv y psa_cipher_encrypt permiten omitir la política o el descifrado basado en oráculos cuando el búfer de salida es encontrado en ubicaciones de memoria accesibles para una ... • https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-45451
https://notcve.org/view.php?id=CVE-2021-45451
21 Dec 2021 — In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. En Mbed TLS versiones anteriores a 3.1.0, la función psa_aead_generate_nonce permite omitir la política o el descifrado basado en oráculos cuando el búfer de salida es encontrada en ubicaciones de memoria accesibles para una aplicación no confiable • https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-44732 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2021-44732
20 Dec 2021 — Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. Mbed TLS versiones anteriores a 3.0.1,presenta una doble liberación en determinadas condiciones de salida de memoria, como es demostrado por un fallo de la función mbedtls_ssl_set_session() Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected. • https://bugs.gentoo.org/829660 • CWE-415: Double Free •